Configure Windows 11 Permissions with ESET to MAP NAS Drives

[steven]

Windows updates can negatively affect existing NAS installations. The last update on my Windows 11 PC rendered my mapped drives useless because they were no longer accessible and a reboot. I tried many posts using Windows Registry Editor to reconnect the drives but they did not work. Windows could find my NAS but when I tried to map a drive it would respond with "Access is denied" before selecting anything. After numerous registry changes I decided to repair Windows, in case I messed something up, and try another method.

Since the problem appeared to be permissions, I decided to use ESET to control SMB permissions. This worked immediately and was easy to set up. Before opening ESET, log in to your NAS and go to Control Panel > File Services > and click the SMB tab. Ensure the Enable SMB service box is checked. Then click Advanced Settings to the SMB settings. Do not use SMB1 for the minimum SMB protocol unless you have an old device that does not support SMB2 and/or SMB3. Then select Clear SMB cache. When finished select save.

Open ESET and press F5 to bring up the advanced menu and select Network Access Protection.
Then click the plus sign for Network attack protection.

Select IDS rules Edit

Click the Add rules button.

Here you can create a number of rules that affect you PCs Intrusion Detection System (IDS).

To enable SMB scroll down to the Use of NTLM in SMB selections.
If your PC network is private select "Use of NTLM in SMB in the Trusted zone"
If your PC network is public select "Use of NTLM in SMB outside the Trusted zone"

Next enter the direction and the IP address or addresses of the NAS device(s).
Selecting Out is sufficient to map and use NAS drives.
The example shows two different NAS servers on the same network.
If you have more than one server separate the IPs with a comma.

Here you can apply the rule to a specific profile. So if you only want the SMB rule active for the private trusted network, select private. However if you select a profile ensure you are using the correct SMB detection method.
You also leave this entry blank to apply to all profiles.

Set the action for the rule whenever it is applied to a connection.
The Options to set are Block, Notify and Log.
Block should be set to no. This also prevents Windows from applying extended security extensions.
Notify works any time the rule is applied, which can be annoying.
Log will create an entry in the ESET log whenever the rule is applied. I do not use the log because my network is the only one that accesses SMB to the NAS drives.

When finished click the OK button to create and apply the rule. Once the rule is applied reboot your PC.
If the rule was created correctly NAS drives should be able to map the NAS drive.
If you cannot connect, check your entries to ensure the correct rule is selected, the correct IPs are entered and block is set to no.